Joomla Security Update 1.5.11

Details: Published on Wednesday, 03 June 2009 06:25

Severity: low to moderate

Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel.
A XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5.
A XSS vulnerability exists in the user view of com_users in the administrator panel.

[20090603] - Core - Frontend XSS

Posted: Wed, 03 Jun 2009 05:56:53 +0000
- Project: Joomla!
- SubProject: Site client
- Severity: Low
- Versions: 1.5.10 and all previous 1.5 releases
- Exploit type: XSS
- Reported Date: 2009-May-05
- Fixed Date: 2009-June-02
Description

Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel.

Affected Installs

All 1.5.x installs prior to and including 1.5.10 are affected.

Solution

Upgrade to latest Joomla! version (1.5.11 or newer).
[20090602] - Core - ja_purity XSS

Posted: Wed, 03 Jun 2009 05:56:42 +0000
- Project: Joomla!
- SubProject: ja_purity
- Severity: Moderate
- Versions: 1.5.10 and all previous 1.5 releases
- Exploit type: XSS
- Reported Date: 2009-April-06
- Fixed Date: 2009-June-02
Description

A XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5.

Affected Installs

All 1.5.x installs prior to and including 1.5.10 are affected.

Solution

Upgrade to latest Joomla! version (1.5.11 or newer).
[20090601] - Core - com_users XSS

Posted: Wed, 03 Jun 2009 05:56:25 +0000
- Project: Joomla!
- SubProject: com_users
- Severity: Moderate
- Versions: 1.5.10 and all previous 1.5 releases
- Exploit type: XSS
- Reported Date: 2009-April-30
- Fixed Date: 2009-June-02
Description

A XSS vulnerability exists in the user view of com_users in the administrator panel.

Affected Installs

All 1.5.x installs prior to and including 1.5.10 are affected.

Solution

Upgrade to latest Joomla! version (1.5.11 or newer).

Best Canadian Web Host for Joomla

Joomla Security Update 1.5.11

[20090603] - Core - Frontend XSS

Posted: Wed, 03 Jun 2009 05:56:53 +0000

Description

Affected Installs

Solution

[20090602] - Core - ja_purity XSS

Posted: Wed, 03 Jun 2009 05:56:42 +0000

Description

Affected Installs

Solution

[20090601] - Core - com_users XSS

Posted: Wed, 03 Jun 2009 05:56:25 +0000

Description

Affected Installs

Solution

Related Articles

Our Latest Joomla News

Our Latest Joomla Tips

Joomla Web Hosting

Joomla Resources

Joomla Tech Services

New Joomla Extensions

Skyline Menu - Mootools MegaMenu

Accordion Gallery

jvArcade Random Games

jvArcade Related Games

Ogone Payment Plugin for K2 Store

Joomla Site of the Month

U Matter U Can Get Help

Times Square

Alliance for Catholic Education - University of Notre Dame

Looking to build an online community ?

Make your own custom Joomla Template